x0rz @x0rz@mastodon.social

Tweets are automatically forwarded from https://twitter.com/x0rz

s/branches/breaches
s/in/it

Damn autocorrect

This is the kind of beach I like. Almost alone. https://t.co/63FC3YSnDP

https://t.co/bpY1eiKIOP

Generally beware of large account that doesn’t appear to be "personal" and is spewing content 24/7, without any kind of referral and showing no means of monetization. They are building an audience, not for free.

So now ransomware gangs are setting up auctions for stolen data. Looks like the Shadow Brokers were ahead of their time.

These are 4 images from my news feed, may 2020. What a mess.

That dystopian future we all dreamed about https://t.co/t728bv7Aai

I mean, we go back to the halting problem... there's nothing much we can do to detect this.

Also, it says a lot when an attacker is using tech from 2008-2009 (VirtualBox version 3.0.4 and Win XP SP3) to bypass latest 2020 EDR/AV.

If you're interested on the technical details https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/

#RagnarLocker deploying an old VirtualBox and a Windows XP image (totalling more than 400 MB), then mounting the drives to encrypt the files on the host from the VM. This is *really* dirty... and pretty smart when you think about AV evasion.

Everytime I read "POS malware" I can only think of "piece of shit malware" (when it really means Point-of-sale malware). Am I the only one? 🤣

BREAKING NEWS: Iran used American servers when launching a cyber attack [...]

Read: Iran used Google.

I've been wrong my whole life https://www.reddit.com/r/pcmasterrace/comments/geg0l0/very_interesting_demo/

Badin1990

"Since the beginning of March, the number of Bruteforce.Generic.RDP attacks has rocketed across almost the entire planet".
Nature is healing, we are the virus.
https://securelist.com/remote-spring-the-rise-of-rdp-bruteforce-attacks/96820/

Shouldn’t we ban crime as well? Wonder why nobody thought of it before!

There are OSINT clues of it being from Russia. The company address is tied to a po box in Edinburgh (home to hundreds of shell companies located there). LOOKS TOTALLY LEGIT.

They fail to explain anything regarding how they handle "secure communication", or even how they deal with anonymity. These are complex matters, and I can't even find one single technical argument, technical diagram or even any encryption algorithm they might use. Total blackbox. https://t.co/XOSupGEq9D

The company behind this mysterious project, 1984 Group LP, exists since 2015 (https://beta.companieshouse.gov.uk/company/SL021781). No clue where they get their funding. There is no donation available and their "kit" is free to download.